Principal Information Technology Compliance Analyst Job Description
Job Summary:
The Principal Information Technology Compliance Analyst will, under general direction, provide guidance to the organization on the establishment, evaluation, and reporting upon controls and risk mitigation strategies in the IT and business environments. He/She will mentor the team and perform risk identification and mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies.
The Principal Information Technology Compliance Analyst will monitor and evaluate the current processes to evaluate and improve control documentation & testing for effectiveness and efficiency improvements. He/She will collect information on control failures/unmitigated risks and remediation results to build compliance reports for IT and business management, and will provide advisory services for IT controls in multiple projects, teams, and audits by ensuring consistent control implementation through documented processes for identifying control requirements prior to their implementation into production IT environments.
Job Description:
The Principal Information Technology Compliance Analyst will perform all or some of the following job duties:
- Mentor team members in establishment, evaluation, and reporting upon risks and controls in the IT and business environments
- Help with the development of communications and related campaigns for compliance awareness
- Collaborate & coordinate with other internal controls-focused areas such as Security, IT Attestation PMO, other IT Attestation teams, and business compliance areas
- Design, perform, and evaluate the current testing of multiple controls at one time
- Maintain and improve the process for evaluation of IT controls through a combination of automated testing and interviewing
- Evaluate the frequency and scope of IT control testing
- Maintain and improve the current IT Attestation (SOX) design effectiveness and operating effectiveness testing program
- Perform internal self-assessments for management (outside of attestation program)
- Perform/mentor team on the following activities:
  - Risk identification and mitigation strategies
  - Control documentation
  - Control testing
  - Process to evaluate and improve control documentation & testing (effectiveness/efficiency)
- Coordinate and consolidate the identification and tracking of control deficiencies/unmitigated risks in the environment:
  - Involve appropriate business and IT representation in decisions on how to address control failures in design or operational effectiveness
  - Ensure the process to resolve control deficiencies has mechanisms for:
    - Building dynamic decision groups (business, IT and other teams)
    - Collecting and reviewing control deficiencies
    - Developing and selecting mitigation strategies
    - Assigning resources for remediation (non-compliance team resources)
    - Recording the decisions for future reference
    - Tracking the progress of remediation activities
- Collect information on control failures/unmitigated risks, and remediation results to build compliance reports for IT and business management
- Provide status reports of remediation projects/activities
- Translate technology-oriented test results into business-focused risk language
- Collect and report test results in the expected time frame
- Communicate IT compliance activities within the context of business risk
- Create, review and/or approve IT compliance reports prior to distribution
- Securely archive reports for future use
- Provide advisory services for IT controls in multiple projects, teams, and audits through:
  - Ensuring consistent control implementation by providing a mechanism for identifying control requirements prior to their implementation into production IT environments
- Support management in understanding Internal Audit's scope, requirements, process, and timeline
- Support management in understanding external audits (E&Y, DOI, customers, 3rd party) scope, requirements, process, and timeline
- Support management in implementation of policy/procedures within the environment
- Provide guidance and support for risk modeling
- Establish risk modeling scope
- Establish risk scoring system
- Establish risk scoring process and timing
- Execute risk scoring
- Collect risk scores and results and build compliance reports for IT and business management.
Minimum Requirements / Knowledge / Skill For Principal Information Technology Compliance Analyst Job
Strong interpersonal communication skills, analytical ability, detail orientation, a quality focus, professional curiosity and problem-solving skills, as well as a broad knowledge of business function(s), information technologies and the audit/compliance practice body of knowledge.
Minimum Education Requirements / Certification / Licensure For Principal Information Technology Compliance Analyst Job
Bachelor's degree in Computer Science, Accounting, or a related discipline and at least eight years of solid work experience in internal audit, external audit, or SOX program, or an equivalent combination of education and work experience.